card capable of authentication

ABSTRACT

It is possible to prevent use of a forged card. An authentication chip describing information which cannot be copied or difficult to be copied is attached to a card and a card processing device includes a card authentication processing device. The information described in the authentication chip is degitized and encrypted to obtain encrypted data, which is described on an authentication certifying chip. The authentication certifying chip is attached to the card. The authentication certifying chip checks the validity of the authentication chip. Before a specific operation such as entry of a password is started, it is judged whether the card is true so as to exclude a forged card.

FIELD OF THE INVENTION

The present invention relates to a structure of an object such as acard, a bank note, securities, etc., which is often forged orcounterfeited and which requires authentication to check whether it isauthentic or not. The invention also relates to a method for identifyingauthenticity of such the object.

BACKGROUND ART

In the present-day society, which is often called a card-orientedsociety, a great number of different types of cards are widelypropagated. Specifically, a cash card and a credit card issued by acredit company which are relating to the assets of property owners and aprepaid card as securities, and identification cards such as a driver'slicense, a health insurance card and a passport are widely used.

In many of the cards relating to property or securities and bonds,necessary information is written on a magnetic stripe disposed on thesurface or on the rear surface of the card. By using automatic machinessuch as an ATM (automated teller machine) or a manual reading device,the magnetic information is read from the magnetic stripe, and varioustypes of processing are executed.

FIG. 1 shows an example of a flow of processing the cash card currentlyin use. (1) When an owner of a card inserts the cash card into a cardslot of a terminal device such as an ATM, a sensor at the card slotsenses the inserted card, and the card is taken into the device.

(2) When the card is taken into the device, the terminal device readscard information from a magnetic recording portion of the card. In caseof a cash card, the card information such as a bank code, a bank branchcode, a type of account, an account number, etc. is read. A cardidentification number, the expiration date, a type of account and anaccount number are recorded as the card information on the magneticrecording portion of a credit card. If a personal identification numberis recorded on a cash card or a credit card, the personal identificationnumber is also read.

(3) The terminal device judges whether or not the inserted card is avalid card, which can be handled by the terminal device.

(4) If it is not confirmed that the card can be handled by the devicefrom the card information thus read, or if the information on the cardcannot be read because the card is broken or stained even though thecard is a valid card, the terminal device judges that it is an invalidcard which cannot be handled and discharges the card.

(5) When the card is a valid card and when the information on themagnetic recording portion of the card has been read correctly,communication with a host computer starts.

(6) The host computer requests the inputting of the personalidentification number.

(7) In response to the request from the host computer, the card userinputs the personal identification number.

(8) When the card user inputs the personal identification number inresponse to the request of the host computer, the host computer comparesthe inputted personal identification number with the personalidentification number which is stored in the host computer and whichcorresponds to the card information thus read.

(9) If the numbers differ, this fact is recorded on the magneticrecording portion of the card, and the inputting of the personalidentification number is requested again. In a case where the personalidentification number inputted again is proper and valid, subsequentprocedure is carried out. In a case where the inputted number differsfrom the stored number, the inputting of the personal identificationnumber is requested further again. If erroneous inputting of thepersonal identification number is repeated three times, the card isinvalidated and is, for example, taken into the terminal device as theresult of invalidation procedure.

(10) In a case where the personal identification numbers are equal, thehost computer judges that the card user is a legitimate card owner andrequests the user to input the amount to be paid.

(11) The user inputs the amount which he (she) wishes to draw.

(12) When the amount to be paid is proper, the amount is paid and thecash card is discharged from the terminal device. Then, the payment isrecorded on a bankbook, or a slip indicating the dealing is issued, andthe processing finishes. If the personal identification number isrecorded on the cash card, the dealing is carried out under theassumption that the personal identification number is valid. Then, thepersonal identification number is erased from the magnetic recordingportion.

FIG. 2 (a) illustrates an example of the cash card used in theprocessing flow of the currently used cash card as shown in FIG. 1. Thereference number 1 shows a cash card body made of a material such asplastics. On the surface of the card, a magnetic stripe 2 whereinformation is recorded and an arrow mark 3 to indicate the direction toinsert the cash card are disposed. Although not shown in the drawing,other necessary matters are entered thereon by embossed characters. Asinformation written in the magnetic stripe can be easily read by using adevice called a skimmer, the card may be forged, and often causes damageby using the card thus forged.

To cope with this problem, an IC card incorporating a semiconductormemory has been used. Banks and other organizations have been makingefforts to propagate this type of card to replace the magnetic card.

However, the information stored in the memory of the IC card is stillpossible to be read. If more elaborate forgery is attempted, we may notbe able to say that the IC card is absolutely safe. In addition, the ICcard is very expensive compared to the magnetic card, and it would behard to expect the rapid propagation of IC cards.

In case of the cash card used in banks, it would suffice if the card canbe used within the boundary of one country. However, in case of thecredit card, the card is necessary to be used also in foreign countries.It is practically impossible to replace all of the credit cards, i.e.magnetic cards, used in the whole world with IC cards under unifiedstandards.

Further, in cash cards and credit cards, the information such as thename of the card owner is marked by embossing, and these types ofinformation are also used for the magnetic information. In this respect,the embossed information may be used as a clue or a key in thepreparation for forging a card.

If the magnetic card or the IC card is lost or stolen, the card ownermay easily become aware of the fact of loss or theft. However, when thecard returned into the hand of the card owner after it has been stolen,in particular, when the card owner does not aware of the fact ofstealing, it is liable to cause damage by the use of the forged card.

A personal identification number, consisting of 4-digit numbers, hasbeen used not for preventing cards from being illegitimately used by theprevention of the forgery but as the means to determine whether or notthe card user is proper. Since assumable numbers have been often usedfor these personal identification numbers, there have been many cases ofthe loss and damage. In recent years, the personal identification numberis stolen not only by assumption of it but also by peeping such as themeans of stealthily taking a photograph of the personal identificationnumber. It is now very difficult to prevent the illegitimate use ofcards by using the personal identification number.

For the purpose of preventing the damage caused by the forged card, someadopts the biometric technique using the pattern-recognition technology.The typical examples of the biometric technique are iris recognition,fingerprints recognition, palm-prints recognition, finger veinrecognition, palm vein recognition, and hand-back vein recognition.These recognition is, except iris recognition, contact-type ornon-contact-type. It is necessary for the recognition to register thepattern in advance. Time and procedures are required for theregistration of the pattern, and also time is needed for the recognitionof the pattern itself and for determining, and that results highercosts.

In case of the contact-type recognition, the user must come into directcontact with the detection device, and there arises a problem that theuser may feel physiological repugnance or disgust. Also, in a case wherethe user has injury on the physical part necessary for the biometricalrecognition, or in the worst case where the user has lost the physicalpart to be needed for the recognition, it is impossible to use thebiometrical recognition. Also, the recognition is partially made duringthe process of identifying, and accordingly, it is not a perfect method.

In the system using the biometrical recognition, the card user himselfor herself can only use his or her own card. When the card user has notenough time to use the card personally or does not find a cardprocessing device nearby, even if the user wants to entrust arepresentative or an agent to use the card, it is not allowed. This isvery inconvenient for the user.

As one of the means for preventing the forgery, an embossed hologram ismounted to form surface irregularities on the plastic surface in case ofcredit cards, prepaid cards, securities, etc. This embossed hologram isvery difficult to duplicate. In this respect, it is actually impossibleto forge the card provided with the embossed hologram. In the currentcondition of the use, however, it is a person, who read the embossedhologram at a glance. Thus, it is possible that the card is forged touse by using the embossed hologram of similar type.

FIG. 2 (b) illustrates an example of a credit card with the embossedhologram, on which the card authentication is verified according to thehuman sense. The reference numeral 1 shows a credit card body made of amaterial such as plastics. On the surface of the card, a magnetic stripe2 where information is recorded and an arrow mark 3 to indicate thedirection to insert the cash card are disposed. Although not shown inthe drawing, other necessary matters are entered thereon by embossedcharacters.

This cash card 1 is inserted into a terminal device with a portion withthe arrow mark placed at the foremost position. Near the foremostportion on the card, an authentication verifying chip 4 consisted of,for example, an embossed hologram is mounted.

The magnetic stripe is disposed, unlike the cash card, on the rearsurface of the credit card, but the direction to insert the card intothe terminal device is the same. As a result, the direction to read themagnetic information on the credit card is reverse to that of the cashcard.

In the verifying chip 4, a pattern “A”, as an example, is confirmed by aperson, who inserts the card into the terminal device, visually, i.e. bysensuous means, but is not read by the card terminal device.

The authentication verifying by sensuous means provides high effects inprimary screening but its reliability is low because there arevariations in the ability of each individual person who confirms andidentifies or there are also variations in the identifying environmentand psychological and/or physical conditions of the person.

When verifying the authentication by using an auxiliary tool, it iscarried out by ultra-fine lines, special lines and micro-characters byusing a screen with special shape, a magnifying device such as amagnifying glass or a special type filter generating opticalinterferences.

Practically, a material having a special optical property is mixed intothe base material, laminated film or ink using such as a base materialwith light-emitting property, a light-emitting laminated film,light-emitting ink, thermo-chromic ink, photo-chromic ink, etc., and theauxiliary tool of a special filter, a ultra-violet ray lamp, etc. isused. However, these are also low in reliability because recognition andidentification are consequently relying on the human sense.

The authentication verifying by mechanical processing is to verifyauthenticity by mechanically detecting the property of the objectmaterial. The magnetic property and the optical property may be used forthe detection.

Practically, a light-emitting material or a magnetic material is mixedinto a base material, laminated film or ink and a detection device isused. Or, specific coded information is magnetically or optically addedby using OCR characters or magnetic barcodes, and a magnetic or opticaldetection device is used.

In the authentication verifying by the mechanical processing, anartifact-metrics system using an artifact without havingreproducibility, randomly arranged in a medium, is used instead of theinformation specific to the living body. This is described in “FinancialBusiness and Artifact-Metrics” published by the Institute for Monetaryand Economic Studies, the Bank of Japan (http://www.imes.boj.or.jp/japanese/jdps/2004/04-J-12.pdf) and “The Patterns ofArtifact-Metrics in Financial Field”; 6th Information Security Symposium(http://www.imes.boj.or.jp/japanese/kinyu/2004/kk23-2-6.pdf).

In the artifact-metrics system, a light reflecting pattern of granularsubstances, a transmission light pattern of optical fibers, a parallaximage pattern of polymer fibers, a fiber image pattern, a magneticpattern of magnetic fibers, a random-recorded magnetic pattern, a randommagnetic pattern of a magnetic stripe, a random electric charge patternof a memory cell, a resonance pattern of electrically conductive fibers,a resonance pattern of a vibrating seal, etc., which are formed bychance, are used.

As the matters subject to the illegitimate use or the forgery of thecard, “the information of the descriptions of the card” added when thecard is issued to a user and “the information of the card” given to thecard in the manufacturing process are included. (“Handbook on theTechnique to Prevent Forgery on the Surface of Affiliated IC Cards”,published by the National Printing Bureau, the Ministry of Finance (see:http://www.npb.go.jp/ja/info/ichb.pdf).

The information of the descriptions of the card is the information whichis accorded and printed on the card body when issued to the user, andwhich is relating to the card issuance such as the card ownerinformation, the period of validity, etc. Falsification, which is atypical act of the illegitimate use of the card, is an act to alter allor a part of the information of the descriptions of the card, done byerasing the genuine information and adding illegitimate information.

The information of the card is the information of the card itself, otherthan the information of the descriptions of the card in the issued card.It is the information relating to the card body such as the physicalshape of the card, background patterns applied to the card inpre-printing factory, printing layer on underlying layer and laminatedprotective layer, etc.

Forgery is an illegal act carried out for the card body. It is carriedout by duplicating or imitating the design, patterns, etc., relating tothe card body to forge a card, which is similar to the authentic card inthe external appearance. Actually, the design, patterns, etc. on thesurface of the authentic card are read by the means such as a scanner,which are then, edited or amended by using the means such as a printer.

Many types of techniques to prevent the forgery of the card body areknown through combining the printing mode, types of ink, printingpatterns, etc., only in the printing art, but no decisive technique isknown yet at present.

The methods for authentication verifying to recognize and identify theforgery can be roughly classified as a method based on human sensuousability; a method using auxiliary tools; and a method by mechanicalprocessing.

In the authentication verifying by the human sensuous ability, theauthenticity of a card is identified by the sensuous ability such as thevisual sense, the tactile sense, etc. The means to identify by thevisual sense includes colors of the card itself, a watermark and ahologram, which changes the color and patterns provided on the card bychanging the viewing angle. The means to identify by the tactile senseincludes detecting the surface irregularities added on the card anddetecting the texture of the card body itself.

Actually, a logo mark, a special font, printing lines for preventingduplication, special color ink, embossed hologram, an optically changingmaterial, a latent image pattern, etc., which are difficult to duplicateor copy and in which the authenticity of the card can be easilyidentified by the visual sense are used. And embossing, surfaceirregularities, perforation, etc. are also used, on which theauthenticity can be identified by finger feeling or by the visual sense.

FIG. 3 shows a conventional example of a card, to which anauthentication verifying chip of an artifact-metrics chip using metalgranules is mounted as disclosed in Japanese Patent Laid-OpenPublication No. H10-44650. FIG. 3 (a) is a general view, FIG. 3 (b) is across-sectional view and FIG. 3 (c) is an enlarged view of the verifyingchip.

In the card 1, the artifact-metrics chip 4 in thin-plate shape made of alight transmitting resin mixed with metal granules 5 is layered on acard base member 7, having a light non-transmitting property, which hasan opening for the identification purpose on it. And a non-transparentcard surface plate 6 is further layered, in which a magnetic stripe 2and an arrow mark 3 are formed thereon and another opening is arrangedat the same position as the opening on the card base member 7.

The metal granules 5 are mixed three-dimensionally in the lighttransmitting resin without regularity. As a result, the arrangementpattern of the metal granules 5 observed through the opening is inherentin each of the artifact-metrics chip 4.

By utilizing these characteristics, a light to pass through theartifact-metrics chip 4 is photographed via the opening, and thearrangement pattern of the metal granules 5 can be observed. Therefore,it is possible to identify each individual artifact-metrics chip 4 andthen, the card.

FIG. 4 shows another conventional example of a card, to which averifying chip of an artifact-metrics chip using fibers as disclosed inJapanese Patent Laid-Open Publication No. 2003-29636. FIG. 4 (a) is ageneral view, FIG. 4 (b) is a cross-sectional view and FIG. 4 (c) is anenlarged view of the artifact-metrics chip. In the card, theartifact-metrics chip 8 containing a mesh member 9 and short fibers 10three-dimensionally mixed in a transparent resin is placed into anopening of the card base member 1, which has a non-transparent property,and a magnetic stripe 2 and an arrow mark 3 are disposed on the surfacethereof. On the artifact-metrics chip 8, an interference pattern isgenerated by the pattern of the mesh member 9 and the short fibers 10.

This interference pattern is inherent in each of the artifact-metricschip 8, i.e., in each card. By utilizing this characteristic, thepattern of the artifact-metrics chip 8 of the verifying chip isphotographed by a transmitted light or a reflected light for the card tobe identified.

Mechanical reading of such the pattern of biometrics or artifact-metricsis generally performed by an image-pickup device and the result isidentified by a pattern-recognition technique. In this respect, there isa possibility that forgery can be made according to a duplicatingtechnique.

As the artifact-metrics chip consists of a real substance, not of animage, it is impossible to arrange the component elements of theartifact-metrics chip intended for the forgery identical to those of theauthentic one. However, the possibility that the same pattern may appearaccording to the same component elements, even though incidentally,cannot be entirely denied. Therefore, a forged object thus obtainedincidentally can be regarded as the authentic object. For this reason,it is very risky to confirm whether the card is authentic or not,depending only on the artifact-metrics chip.

As described above, the technique to determine the authenticity of thecard itself is not yet firmly established, and a card, which cannot beforged, is not realized. Also, the technique to eliminate the use of aforged card is not yet realized.

[Patent Document 1] Japanese Patent Laid-Open Publication No. H10-44650

[Patent Document 2] Japanese Patent Laid-Open Publication No. 2003-29636

[Non-Patent Document 1] “Financial Business and Artifact-Metrics”published by the Institute for Monetary and Economic Studies, the Bankof Japan (http://www.imes.boj.or.jp/japanese/jdps/2004/04-J-12.pdf)[Non-Patent Document 2] “The Patterns of Artifact-Metrics in FinancialField”; 6th Information Security Symposium(http://www.imes.boj.or.jp/japanese/kinyu/2004/kk23-2-6.pdf)[Non-Patent Document 3] “Handbook on the Technique to Prevent Forgery onthe Surface of Affiliated IC Cards”, published by the National PrintingBureau, the Ministry of Finance (see:http://www.npb.go.jp/ja/info/ichb.pdf).

DISCLOSURE OF THE INVENTION Object of the Invention

The present invention provides a card for increasing security withoutadding basic changes to a cash card or a credit card as practicallyused, and a method for processing the card.

It is an object of the present invention to alleviate the burden onauthentication verifying work and to exclude the possibility that aforged object obtained incidentally or by chance is regarded as anauthentic object.

Means for The Object

To attain the above object, in the invention of the present application,an authentication verifying chip difficult to be forged is added and anauthentication verifying device is added to a device for processing thecard for authentication verification of the card.

The following can be adopted for the authentication verifying chip:granules such as metal granules dispersed in a transparent medium; fiberpieces dispersed in a transparent medium; an interference patternbetween a pattern having regularity arranged in a transparent medium andfiber pieces dispersed in the transparent medium; an embossed hologram;fluorescent granules dispersed in a transparent medium; and radioactivesubstance granules dispersed in an arbitrary type of medium.

Further, in addition to the verifying chip, another type of chip isprovided. The information described in the verifying chip is digitizedand the digitized data is encrypted. Then, the encrypted data is enteredin the latter chip, and this is used as an authentication certifyingchip.

When the card is used, the image of the verifying chip on the card isread and digitized. At the same time, the encrypted data of theauthentication certifying chip on the same card is decrypted. The datadecrypted from the certifying chip is compared with the data of theverifying chip. If these are equal to each other, the card is identifiedas an authentic card. If not, the card is judged as a forged card.

For a cryptosystem, as the simplest way, it is used a secret-keycryptosystem where only the card issuer knows the secret-key. It is alsopossible to use a public-key cryptosystem, in which different keys areused for encryption and decryption. In a common-key cryptosystem, apublic-key and a private-key are used and either key can be used forencryption or decryption.

To alleviate the burden of encryption/decryption, hash algorithm such asMD5 (Message Digest 5), SAH-1 (Secure Hash Algorithm-1) SAH-2, etc., areused.

For example, the card ID and information of the card owner are added ormixed into the digitized data and are encrypted on the whole. Further, adigital watermark is entered to the digitized data. Turning of thedigital data to hash value, adding the ID and owner information andentering the digital watermark may be adopted alone or in combination.

In the device for processing the card, the authenticity of the card isidentified prior to the starting of actual operation such as inputtingthe personal identification number. The device discharges the forgedcard or gives a warning, or takes the forged card into the device.

EFFECTS OF THE INVENTION

Granules such as metal granules dispersed in a transparent medium,fibers dispersed in a transparent medium, an interference patternbetween a pattern having regularity arranged in a transparent medium andfibers dispersed in the transparent medium, fluorescent granulesdispersed in a transparent medium and radioactive substance granulesdispersed in an arbitrary type of medium can be obtained onlyincidentally or by chance, and are impossible to be duplicated. Anembossed hologram has a three-dimensional structure, and is alsoimpossible to be duplicated unless a replica is produced directly fromthe prototype.

Also, a forged card attempted by duplicating the magnetic recording dataor the data in an IC chip can be excluded, and it cannot be used.

Further, when it is attempted to illegally use the card, such the usecan be rejected and damage or loss can be prevented before it actuallyoccurs. Or, an illegitimate card may be allowed for the use to someextent, but it enables to easily specify the user of the illegitimatecard by finally ensuring to hold the illegitimate card.

In a case where the verifying chip and the certifying chip are bothpresent on a single card, the authenticity of the card can be confirmedwithout resort to the host server, if a crypt key is given to theterminal device such as an ATM.

Even when the same artifact-metrics are obtained by chance and the samehash value is obtained incidentally, unless algorithm of ID of the cardor information of the card owner further added or mixed to the hashvalue is known, it is not possible to know the crypt key used forencryption. Thus, the degree of security is very high.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flow chart to show a flow of the processing of a currentlyused cash card;

FIG. 2 shows a conventional type cash card;

FIG. 3 shows an example of a conventional type card usingartifact-metrics;

FIG. 4 shows another example of a conventional type card usingartifact-metrics;

FIG. 5 shows an example of a card, on which an authentication verifyingchip is mounted;

FIG. 6 shows another example of a card, on which the verifying chip ismounted;

FIG. 7 shows still another example of a card, on which the verifyingchip is mounted;

FIG. 8 shows examples of the mounting position of the verifying chip;

FIG. 9 shows other examples of the mounting position of the verifyingchip;

FIG. 10 illustrates a mark for the position alignment;

FIG. 11 shows the verifying chip prepared according to random numbers;

FIG. 12 is an example of random numbers to be used in the verifyingchip;

FIG. 13 shows an arrangement example of random numbers to be used in theverifying chip;

FIG. 14 shows an example where the random numbers used in the verifyingchip are in binary numbers;

FIG. 15 shows an example where the random numbers used in the verifyingchip are arranged as binary numbers;

FIG. 16 shows an example of the additional random numbers used in theverifying chip;

FIG. 17 shows an example where additional random numbers used in theverifying chip are in binary numbers;

FIG. 18 shows an example where additional random numbers used in theverifying chip are in quaternary numbers;

FIG. 19 shows an example where the random numbers used in the verifyingchip are arranged in quaternary numbers;

FIG. 20 shows examples where another authentication verifying chip isobtained from the verifying chip prepared on random numbers;

FIG. 21 shows an example of a card mounted with the authenticationverifying chip and an authentication certifying chip;

FIG. 22 is a flow chart to show a flow of authentication certifying ofthe card shown in FIG. 21;

FIG. 23 shows another example of a card mounted with the verifying chipand the certifying chip;

FIG. 24 is a flow chart to show a flow of authentication certifying ofthe card shown in FIG. 23;

FIG. 25 is still another example of a card mounted with the verifyingchip and the certifying chip;

FIG. 26 is a flow chart to show a flow of authentication certifying ofthe card shown in FIG. 25;

FIG. 27 shows still another example of a card mounted with the verifyingchip and the certifying chip;

FIG. 28 is a flow chart to show a flow of authentication certifying ofthe card shown in FIG. 27;

FIG. 29 is a flow chart to show a flow of processing a cash cardaccording to the present invention;

FIG. 30 is another flow chart to show a flow of processing a cash cardaccording to the present invention; and

FIG. 31 is still another flow chart to show a flow of processing a cashcard according to the present invention.

BRIEF DESCRIPTION OF THE REFERENCE NUMERALS

-   1 card-   2 a magnetic stripe-   3 an arrow-   4, 8, 12, 15, 18, 21, 22, 32, 42, 46, 61 an authentication verifying    chip-   5 metal granules-   6, 14, 34, 44 a surface plate-   7, 44 a card base member-   9 a mesh member-   10 short fibers-   11, 31, 41 a card capable of the authentication verifying-   16, 19, 22, 23, 25 a pit-   17, 20, 24 a portion where the pit is not formed-   33 fluorescent granules-   43 radioactive substance granules-   44, 49, 54, 59 verifying chip-   47 an IC chip-   48 a position alignment mark-   49 a line to start the reading-   50 a line to finish the reading-   51, 52 a line to indicate the end portion-   62, 64, 66, 68 an authentication certifying chip-   60, 63, 65, 67 a card capable of the authentication certifying

BEST MODE FOR CARRYING OUT THE INVENTION

Description will be given below on the best aspect for carrying out theinvention by referring to the accompanied drawings.

First, the following describes an authentication verifying chip for acard.

Embodiment 1 of the Authentication Verifying Chip

FIG. 5 shows a basic arrangement of a card, on which an embossedhologram chip is mounted as a verifying chip according to theembodiment 1. FIG. 5 (a) shows a general view, FIG. 5 (b) is across-sectional view, and each of FIGS. 5 (c) to (e) shows an enlargedview of the embossed hologram chip.

A card 11 comprises a surface plate 14 with an opening being mounted ona card base member 13 having a non-transparent property, and an embossedhologram chip 12 being placed into the opening. On the surface plate 14,a magnetic stripe 2 and an arrow mark 3 are disposed.

The embossed hologram is composed of a pit portion with depth equal to ¼wavelength of a laser beam used and a portion where the pit is notformed. On the pit portion, a reflected laser beam is eliminated by anincident laser beam, and the reflected laser beam is not detected. Onthe portion without the pit, the reflected laser beam is detected as noteliminated by the incident laser beam.

The laser beam used is an infrared laser beam with λ (lambda)=780 nm(λ/4=195 nm) in case of a CD. In case of a DVD, a red laser with λ=650nm (λ/4=151.25 nm) is used. In case of the next generation DVD, using ablue-violet laser with λ=405 nm, an ultraviolet laser with λ=351 nm or afar ultraviolet laser with λ=266 nm is under study. λ/4 is 101.25 nm,87.75 nm or 66.5 nm respectively.

FIG. 5 (c) shows the most basic structure. Pit portions 16 with thedepth of ¼ wavelength of the laser beam used and portions 17 without apit are arranged with an adequate distance between them one another on ahologram chip 15. In the example shown in this figure, each solid lineshown by bidirectional arrows indicates that both incident light andreflected light are present. Each broken line shown by a uni-directionalarrow indicates that there is incident light but no reflected light ispresent.

FIG. 5 (d) shows an example where the direction of the laser beam isinclined. Unless information on the tilt angle is available, it isdifficult to read the data written therein. In this example, inclinedpit portions 19 with the depth of ¼ wavelength of the laser beam usedand inclined portions 20 without a pit are arranged with an adequatedistance between them one another on a hologram chip 18. In the exampleshown in this figure also, each solid line shown by bidirectional arrowsindicates that both incident light and reflected light are present, andeach broken line shown by a unidirectional arrow indicates that there isincident light but reflected light is not present. It is almostimpossible to duplicate this structure. It is possible that thestructure shown in FIG. 5 (c) and the structure shown in FIG. 5 (d)coexist.

FIG. 5 (e) shows an example where laser beams with a plurality ofwavelengths are used. Unless information on all of the laser beams usedis available, it is difficult to read the written data. In this example,a pit portion 22 with the depth of ¼ wavelength of the red (R) laserbeam; a pit portion 23 with the depth of ¼ wavelength of the green (G)laser beam; a pit portion 25 with the depth of ¼ wavelength of the blue(B) laser beam; and a portion 24 without a pit are arranged with anadequate distance between them one another on a hologram chip 21.

In the example shown in this figure also, each solid line shown bybidirectional arrows indicates that both incident light and reflectedlight are present. Each broken line shown by a uni-directional arrowindicates that there is incident light but no reflected light ispresent. It is almost impossible further to duplicate this structure. Itis also possible that the structure shown in FIG. 5 (d) and thestructure shown in FIG. 5 (e) coexist.

Embodiment 2 of the Authentication Verifying Chip

FIG. 6 shows Embodiment 2 of the verifying chip. FIG. 6 (a) shows adrawing where a card is seen from above; FIG. 6 (b) is a cross-sectionalview of the card; and FIG. 6 (c) is an enlarged view of thecross-sectional view. A card 31 comprises a surface plate 34 with anopening being mounted on a card base member 35 having a non-transparentproperty and a verifying chip 32 composed of fluorescent substancegranules 33 mixed in synthetic resin being placed into the opening.Another surface plate may be layered on the verifying chip 32 and thesurface plate 34.

The card base-plate 35 is a thick plate made of synthetic resin widelyused in a cash card or the like or a thin plate made of synthetic resinused in a prepaid card or the like. The verifying chip 32 has such thearea and such the thickness that it can be placed into the opening ofthe surface plate 34, and fluorescent substance granules 33 are mixedtherein.

For the material of the surface plate 35, either of synthetic resintransparent to the incident light and to the reflected light for thecard or synthetic resin non-transparent to the incident light and/or thereflected light for the card and to other visible lights may be used.For the surface plate layered further on the verifying chip 32 made ofsynthetic resin and the surface plate 34, synthetic resin transparent tothe incident light and the reflected light is used.

Embodiment 3 of the Authentication Verifying Chip

FIG. 7 shows Embodiment 3 of the verifying chip. FIG. 7 (a) shows adrawing where a card is seen from above; FIG. 7 (b) is a cross-sectionalview; and FIG. 7 (c) is an enlarged view of the cross-sectional view. Acard 41 comprises a surface plate 44 with an opening being mounted on acard base member 45 having non-transparent property and a verifying chip42 with radioactive substance granules 20 mixed in synthetic resin beingplaced into the opening. On the surface plate 44, a magnetic stripe 2and an arrow mark 3 are disposed.

The arrangement pattern of the mixed radioactive substance granules isinherent in the verifying chip 42, i.e., in the card 41, and the card isidentified by this characteristic.

Example of the Mounting Position for the Authentication Verifying Chip

FIG. 8 shows examples of the mounting position of the verifying chip ona card according to the structural features as described above. Theverifying chip 46 can be mounted, other than the position at about thecentral portion of the card body as shown in FIG. 5 to FIG. 7, at thefollowing positions: at the foremost position in the middle portion asshown in FIG. 8 (a); at the central position in the middle portion asshown in FIG. 8 (b); at the posterior position in the middle portion asshown in FIG. 8 (c); at the foremost position in the lower portion asshown in FIG. 8 (d); at the central position in the lower portion asshown in FIG. 8 (e); and at the posterior position in the lower portionas shown in FIG. 8 (f). While it can also be mounted at a position inthe upper portion, it is desirable for the mounting position to avoidthe position in the upper portion, when there may be influence on thereading of the information from the magnetic stripe.

Example 2 of the Mounting Position for the Authentication Verifying Chip

From the viewpoint of maintaining higher security for the card or ofproviding better convenience, attempts are being made to use the IC chipin an information storage medium. The IC chip has a semiconductor memoryin it. If the semiconductor memory is irradiated by an electron beam, inparticular, by β, (beta) ray, the memory written may be changed in somecases.

Among the radiations, α (alpha) ray can be shielded even by a piece ofpaper. For this reason, there is almost no need to give consideration onthe influence to the semiconductor memory. However, for the purpose ofshielding β ray, an aluminum plate of 1 mm in thickness or an acrylicplate of 10 mm in thickness is needed. Therefore, in a case whereradioactive substance granules emitting β ray are used, the influence byβ ray can be avoided by disposing a verifying chip 36 and an IC chip 80with a distance of 10 mm or more from each other.

Reading Position of the Authentication Verifying Chip

Physical standards for a cash card and a credit card are strictlystipulated from the viewpoint of the practical use. Accordingly,physical standards of the components to be mounted on it are alsostrictly provided. However, it is not entirely deniable that deformationmay occur due to the excessive use.

To cope with such the problem, it is desirable to arrange a positionalignment mark 48 as shown in FIG. 10 on the verifying chip. In a simplecase, only one position alignment mark may suffice. However, in order toensure the more reliable position alignment, it would be desirable tohave plural marks.

In order to perform the reading more reliably, at the same time with theuse of the position alignment mark, it would be desirable to arrangesome other marks at the position to start the reading and the positionto finish the reading of the authentication verifying chip. Forinstance, a line 49 to start the reading in moving direction and a line50 to finish the reading in moving direction and further, lines 51 and52 to indicate the end portions may be arranged.

The reading of data on the verifying chip is performed by the relativemovement of the authentication verifying chip and the reading device. Toensure the reliable reading, it is necessary to synchronize themovements of the authentication verifying chip and the reading device.If a mark for synchronization signal 87 is disposed on the verifyingchip, the movement of the reading device can be synchronized accordingto the reading of the mark.

The reading start line and the reading finish line and/or the mark forsynchronization signal can be also used for signal normalization in thesignal processing. The position alignment mark, the reading start/finishlines and/or the mark for synchronization signal are made of fluorescentsubstance. For instance, these can be prepared by an adequate printingmeans such as an ink jet printer.

Embodiment 4 of the Authentication Verifying Chip

The authentication verifying chips on the card as shown in FIG. 6 toFIG. 7 are of artifact-metrics. The artifact-metrics cannot be forged,while it is also impossible to control the pattern when manufacturing.In FIG. 11 to FIG. 20, examples of the arrangement of the verifying chipby using binary data suitable for mechanical reading, prepared by acomputer are shown.

In the verifying chip shown in FIG. 11, 1024 binary data are arranged ina matrix form of 32×32. In this figure, the position where binary data“0” is written is shown in blank, and the position where the binary data“1” is written is shown with the mark “*”.

Now, a method to obtain the binary data is described. FIG. 12 shows anexample of true random numbers with hexadecimal numbers of 256 digits,which are obtained by detecting a radiation ray irradiated as the resultof nuclear fission of radioactive substance. Random numbers used for acrypt key or the like are generally supplied as hexadecimal numbers assuch. FIG. 13 shows hexadecimal random numbers shown in FIG. 12 arrangedin the matrix form of 8 columns×32 rows.

The hexadecimal numbers can be expressed by replacing with binary4-digit numbers. That is, “0” of the hexadecimal number corresponds to“0000” of binary numbers. Similarly, “1” corresponds to “0001”, “2”corresponds to “0010”, “3” corresponds to “0011”, “4” corresponds to“0100”, “5” corresponds to “0101”, “6” corresponds to “0110”, “7”corresponds to “0111”, “8” corresponds to “1000”, “9” corresponds to“1001”, “A” corresponds to “1010”, “B” corresponds to “1011”, “C”corresponds to “1100”, “D” corresponds to “1101”, “E” corresponds to“1110” and “F” corresponds to “1111”.

Based on the expressions as given above, 256-digit hexadecimal randomnumbers shown in FIG. 12 are substituted by binary random numbers asshown in FIG. 14. One digit of the hexadecimal number can be replaced by4-digit binary numbers. Thus, 256-digit hexadecimal numbers correspondto 256 digits×4 digits=1024 digits in binary numbers. These binarynumbers can be obtained directly in a random number generator, and insuch a case, it is not necessary to perform the substitution operation.

These numbers are arranged in the matrix of 8 columns×32 rows in FIG. 13and further arranged, for each digit of binary numbers, in the matrix of32 columns×32 rows as shown in FIG. 15.

Finally, the position corresponding to “0” of the binary number in thematrix of FIG. 15 is left without writing the information. Informationis written to the position with the mark “*” corresponding to “1”. Thearrangement of the authentication verifying chip as shown in FIG. 11 isthus, obtained. The verifying chip prepared in this way has theinformation of 32 column×32 rows×1 bit=1024 bits for authenticationverifying, that is, it has an authentication verifying key of 1024 bits.

For the embossed hologram shown in FIG. 5 (c) and the fluorescentsubstance shown in FIG. 6, the lights with a plurality of wavelengthscan be used. Next, an example of the pit arrangement of a verifying chipof a card, which is of binary data suitable for mechanical reading, andis prepared by computer and which uses the lights of generally calledred (R), green (G) and blue (B) is described.

These “R”, “G” and “B” can express the total of four conditionsincluding “0” where no data is written. In other words, these can behandled as quaternary numbers. The quaternary numbers can be expressedby four 2-bit numbers: “00”, “01”, “10” and “11”.

FIG. 16 shows hexadecimal random numbers of 256 digits shown in FIG. 12and further hexadecimal random numbers of 256 digits which antecedethose. Here, what is shown as “hexadecimal random numbers group a” isthe same random numbers as shown in FIG. 12, and “hexadecimal randomnumbers group b” is the random numbers, which antecedes “hexadecimalrandom numbers group a”.

These hexadecimal random numbers group is converted to a binary randomnumbers group. FIG. 17 shows the random numbers divided for every 2 bitsin order to convert to the quaternary numbers expressed as “0”, “R”, “G”and “B”.

Further, binary number “00” is converted to quaternary number “0”,binary number “01” to quaternary number “R”, binary number “10” toquaternary number “G” and binary number “11” to quaternary number “B” asshown in FIG. 18.

The quaternary numbers thus obtained are arranged in the matrix of 32columns×32 rows, similarly to the binary numbers shown in FIG. 11 orFIG. 15, and these are shown in FIG. 19. The verifying chip thusprepared has the information of 32 columns×32 rows×2 bits=2048 bits forauthentication verifying, in other words, it has an authenticationverifying key of 2048 bits.

Now, referring to FIG. 20, a method to obtain a plurality of verifyingchips from one random numbers group is described. FIG. 20 (a), FIG. 20(b), FIG. 20 (c) and FIG. 20 (d) each shows a matrix pattern of 16×16based on the matrix pattern of 32×32 in FIG. 11. FIG. 20 (a) has theorigin at the coordinates (0,0), FIG. 20 (b) has the origin at thecoordinates (1,0), FIG. 20 (c) has the origin at the coordinates (0,1)and FIG. 20 (d) has the origin at the coordinates (1,1). In this way, itis possible to have a plurality of matrix patterns from one matrixpattern obtained from the random numbers group shown in FIG. 12.

For the purpose of obtaining a plurality of matrix patterns from onerandom numbers group, it is also possible to use various methods such asa method to change the use position to start the random numbers groupshown in FIG. 12 or a method to change the preparation position to startthe matrix pattern shown in FIG. 13.

In so doing, a card issuer can maintain secrecy by arranging one randomnumbers group as a master random numbers group and can obtain aplurality of matrix patterns based on the master random numbers group.It is also possible to automatically control the plurality of matrixpatterns based on the information of the origin.

In the examples shown in FIG. 11 and FIG. 15, the authenticationverifying information is recorded by binary numbers expressed in 1 bit,and in the example shown in FIG. 19, the authentication verifying datais recorded by quaternary numbers expressed in 2 bits. In addition tothese, it is also possible to use octal numbers expressed in 3 bits andhexadecimal numbers expressed in 4 bits.

Embodiment 1 of the Certifying Chip

FIG. 21 and FIG. 22 show an example of a card to certify the carditself. FIG. 21 illustrates the card and FIG. 22 shows the functions ofan authentication verifying chip and an authentication certifying chip.

On a card 60, there are provided a verifying chip 61 where informationfor verifying a card Authentication “A” such as artifact-metrics isstored; and a certifying chip 62 where the authentication verifyinginformation “A” is digitized to the digitized data Message “M” and isencrypted to the encrypted data “C” and is stored, and both arenon-separably mounted on the card body. On upper portion of the surfaceof the card 60, a magnetic stripe 2 and an arrow mark 3 are disposed.

Instead of the magnetic stripe 2, or together with it, an IC chip canalso be used. The verifying chip 61 and the certifying chip 62 may bearranged at separate positions respectively as shown in FIG. 21 or thesemay be disposed adjacent to each other or may be united.

Referring to FIG. 22, descriptions below explain, on a basic example,the functions of the verifying chip 61 and the certifying chip 62 on thecard 60 shown in FIG. 21. In FIG. 22, the steps (1)-(5) show the flowwhen the card is prepared by a card issuer. The steps (6)-(10) show whena user uses the card by means of a terminal device such as an ATM.

(1) A verifying chip 61 is prepared, in which card authenticationverifying information “A” being artifact-metrics or an embossed hologramis stored. Because all artifact-metrics are different from each other,all of the verifying chips 61 having artifact-metrics are different fromeach other.

If the verifying chip as shown in FIG. 5 to FIG. 7 is prepared by usingthe data of 32 bits×32 bits=1024 bits (307 digits in decimal number) ormore with the number of bits according to the method shown in FIG. 11 toFIG. 20, the probability of the existence of the same verifying chipscan be very low and it is negligible. Because the embossed hologram hasa three-dimensional structure, it is impossible to make opticalduplication, and accordingly, it is very difficult to forge it.

(2) The information on the verifying chip 61 is read by analog ordigital means. In order to accurately perform the reading when the cardis used, it is desirable that the reading is performed after theverifying chip 61 is mounted on the card 60.

(3) The analog image of the verifying chip 61 thus read is digitized tothe digital data “M”. In a case where the data to be stored in theverifying chip 61 to be read is digital data, the digitization isunnecessary.

(4) The digital data “M” is encrypted, and the encrypted data “C” isobtained. As a cryptosystem, a secret-key cryptosystem and a public-keycryptosystem can be used.

A crypt key used in the secret-key cryptosystem is called a secret-key.In recent years, with the propagation of the public-key cryptosystem,more and more people refer a private-key used in the public-keycryptosystem as a secret-key. In this respect, it is also called acommon-key to avoid the confusion.

According to “Modern Cryptography” published by the Institute ofElectronics, Information and Communication Engineers (Japan), theprocess to obtain the enCrypted data “C” by Encrypting the Message “M”by using a crypt Key “K” is expressed as C=E (K, M), and the process toobtain decrypted data by Decrypting the enCrypted data by using a cryptKey “K” is expressed as M=D (K, C).

Here, following after the above, the process to Encrypt the digital data“M” by a Secret-key Ks of the secret-key cryptosystem to obtain theenCrypted data “Cs” is expressed as Cs=E (Ks, M), and the process toDecrypt the encrypted data “Cs” by the Secret-key Ks to obtain thedigital data “M” is expressed as M=D (Ks, Cs).

The process to Encrypt the digital data “M” by a Pulic-key “Kp” of thepublic-key cryptosystem to obtain the encrypted data “Cp” is expressedas Cp=E (Kp, M). The process to Decrypt the encrypted data “Cp” by apriVate-key “Kv” to obtain digital data “M” is expressed as M=D (Kv,Cp). These are transmission of a crypt key.

The process to Encrypt the digital data “M” by the priVate-key “Kv” ofthe public-key cryptosystem to obtain the enCrypted data Cv is expressedas Cv=E (Kv, M). The process to Decrypt the encrypted data “Cv” by theprivate-key “Kp” to obtain the digital data “A” is expressed as A=D (Kp,Cv). These are the digital signature.

(5) The encrypted data “Cs”, “Cp” or “Cv” are stored in a certifyingchip 44, which is non-separably mounted on the card body 60. For thestorage of the encrypted data, adequate means such as the opticalreading and recording method, the magnetic recording, etc. for barcodeor two-dimensional barcode, etc. may be adopted.

In a case where the card 60 is an IC card with an IC chip mounted on it,it is also possible to store the encrypted data in the IC chip. To be anon-separable structure, they are integrated or a method such as weldingmay be adopted. Also, the encrypted data may be recorded on the carditself instead of mounting the certifying chip on the card.

(6) When the card is used, the encrypted data “C” stored in thecertifying chip 62 is read.

(7) The encrypted data “C” is decrypted by using a predeterminedcryptography algorithm and the crypt key, and the decrypted data “M” isobtained.

(8) At the same time, information “A′” of the verifying chip 61 is read.As the reading means, camera is generally used, while a reading head ora scanner other than camera may be used.

(9) The information “A′” of the verifying chip thus read is digitizedand the digital data “M′” is obtained.

(10) The decrypted data “M” is compared with the digitized data “M′”. Ifthese are equal to each other, it is judged that the combination of theverifying chip 61 and the certifying chip 62 is legitimate. If these aredifferent from each other, it is judged that the combination of theverifying chip 61 and the certifying chip 62 is not legitimate, and thecard is judged as illegitimate. Thus, the authenticity of the verifyingchip 61 is certified by the certifying chip 62 which is togetherwithpresent on the card.

In this example, the data “M′” read from the verifying chip 61 iscompared to the data “M” decrypted from the certifying chip 62. It maybe possible that the encrypted data “C′” obtained by encrypting the data“M′” read from the verifying chip 61 is compared to the encrypted data“C” read from the certifying chip 62.

The data on the certifying chip 62 is encrypted. In this cryptosystem,either of the secret-key (or the common-key) cryptosystem using a singlecrypt key and the public-key cryptosystem using two crypt keys can beadopted. In the public-key cryptosystem, a combination of the public-keyand the private-key (the secret-key) or a combination of the private-keyand the public-key may be adopted when used for the encryption anddecryption.

When a user uses the card by means of a terminal device, the crypt keyfor decryption is used. The crypt key is stored within a server orwithin the terminal device. If it is so designed that the crypt key isstored within the server and when authentication verifying of the cardis needed, the crypt key needed then, is delivered to the terminaldevice each time, it can be a method with high security on on-linebasis. If the crypt key is stored within the terminal device,authentication verifying of the card can be executed only on theterminal device on off-line basis. However, if the terminal device isstolen, the crypt key is also stolen. If it is so designed that thecrypt key is stored in a DRAM in the terminal device and the crypt keystored in DRAM will be lost when the power to the terminal device is cutoff because the terminal device is destroyed or stolen, the stealing ofthe crypt key can be prevented.

Embodiment 2 of the Certifying Chip

When the data stored for confirming the authenticity of the card istransmitted from the host server to the terminal device and theauthenticity is verified on the terminal device, or when the data of thecard is read and transmitted to the server and the authenticity isverified on the server, the storage data volume in the server and thetransmitting data volume become large because the digital data volume ofthe verifying chip 61 is large.

To cope with such the situation, if MD5 (Message Digest 5), which is thetypical hash algorithm, or other hash algorithm such as SAH-1 (SecureHash Algorithm-1) or SAH-2 is used, the data can be converted to the16-byte hash value regardless of how large the data may be, andfalsification of the original data is always reflected in the hashvalue. If utilizing these characteristics, the storage data volume inthe server and the data transmission volume may not be so large. Toalleviate the burden for encryption/decryption, hash algorithm is used.

FIG. 23 and FIG. 24 show an example of a card using the hash algorithm.FIG. 23 shows the card. FIG. 24 shows the functions of the verifyingchip and the certifying chip.

On a card 63, there are provided a verifying chip 61 where cardAuthentication verifying information “A” such as artifact-metrics isstored; and a certifying chip 64 where the authentication verifyinginformation “A” is digitized to the digitized data Message “M”, turnedto the hash value “I”, and “I” is encrypted to the encrypted data “Ch”and is stored; and both are non-separably mounted on the card body. Onthe upper portion of the surface of the card 63, a magnetic stripe 2 andan arrow mark 3 are disposed. An IC chip may be used instead of themagnetic stripe 2 or together with it. The verifying chip 61 and thecertifying chip 64 may be arranged at separate positions respectively asshown in FIG. 23 or these may be arranged adjacent to each other or maybe united.

Referring to FIG. 24, descriptions below explain the functions of theverifying chip 61 and the certifying chip 64 on the card 63 shown inFIG. 23. In FIG. 24, the steps (1)-(6) show the flow of the preparationof the card by a card issuer. The steps (7)-(11) show the flow when auser uses the card by means of a terminal device such as an ATM.

(1) The verifying chip 61 is prepared, in which card authenticationverifying information “A” being artifact-metrics or the embossedhologram is stored. Because all of the artifact-metrics are differentfrom each other, all of the verifying chips 61 having theartifact-metrics are different from each other. In particular, it isimpossible to duplicate the artifact-metrics having thethree-dimensional arrangement, and it cannot be forged.

If the verifying chip as shown in FIG. 5 to FIG. 7 is prepared by usingthe data of 32 bits×32 bits=1024 bits (307 digits in decimal number) ormore with the number of bits according to the method shown in FIG. 11 toFIG. 20, the probability of the existence of the same verifying chipscan be very low and it is negligible. Because the embossed hologram hasa three-dimensional structure, it is impossible to make opticalduplication, and accordingly, it is very difficult to forge it.

(2) The information on the verifying chip 61 is read by analog ordigital means. In order to accurately perform the reading when the cardis used, it is desirable that the reading is performed after theverifying chip 61 is mounted on the card 63.

(3) The analog image of the verifying chip 61 thus read is digitized tothe digital data “M”. In a case where the data to be stored in theverifying chip 61 to be read is digital data, digitization isunnecessary.

(4) The digital data “M” is turned to the hash value “H”. The hash valueobtained when using the MD5 algorithm as widely used, is of 16 bytes(=128 bits).

(5) The hash value “H” is encrypted, and the encrypted data “Ch” isobtained. As the cryptosystem, the secret-key cryptosystem and thepublic-key cryptosystem can be used.

(6) The encrypted data “Ch” is stored in the certifying chip 64, whichis non-separably mounted on the card body 63. For the storage of theencrypted data, adequate means such as the optical reading and recordingmethod, the magnetic recording, etc. for barcode or two-dimensionalbarcode may be adopted.

In a case where the card 63 is an IC card with an IC chip mounted on it,it is also possible to store the encrypted data in the IC chip. It maybe integrated as a non-separable structure or a method such as weldingmay be adopted. The data may be recorded on the card itself instead ofmounting the chip.

(7) When the card is used, the encrypted data “Ch” stored in thecertifying chip 64 is read.

(8) The encrypted data “Ch” is decrypted by using a predeterminedcryptography algorithm and the crypt key, and a decrypted data “H” isobtained.

(9) At the same time, information “A′” of the authentication verifyingchip 61 is read.

As the reading means, camera is generally used, while a reading head ora scanner other than the camera may be used.

(10) The information “A′” of the verifying chip thus read is digitized,and the digital data “M′” is obtained.

(11) The digital data “M′” is turned to hash value and the hash value“H′” is obtained.

(12) The decrypted data “H” is compared with the hash value “H′” Ifthese are equal to each other, it is judged that the combination of theverifying chip 61 and the certifying chip 64 is legitimate. If these aredifferent from each other, it is judged that the combination of theverifying chip 61 and the certifying chip 64 is not legitimate, and thecard is judged as illegitimate. In this way, the authenticity of theverifying chip 61 is certified by the certifying chip 64, which istogether with present on the card.

In this example, the hash value “H′” obtained by the hashing of the data“M′” read from the verifying chip 61 is compared to the hash value “H”decrypted from the encrypted hash value “Ch” read from the certifyingchip 64. It may be possible that the encrypted hash value “Ch′” obtainedby encrypting the hash value “H′” by hashing the data “M′” read from theverifying chip 61 is compared to the encrypted data “Ch” read from thecertifying chip 64.

The cryptosystem and the method to use and manage crypt keys used inthis embodiment are not different from the case of the Embodiment 2 ofthe certifying chip, and new description is not given here.

Embodiment 3 of the Certifying Chip

There may be the cases where the verifying chip is destroyed or stainedand the authentication verifying information cannot be read. In such thecase, the card cannot be used even when it is legitimate. The followingdescribes the arrangement to cope with such the situation.

FIG. 25 and FIG. 26 show an example of a card using the ID of the card.FIG. 25 illustrates the card. FIG. 26 shows the functions of theverifying chip and the certifying chip shown in FIG. 25.

On a card 65, there are provided a verifying chip 61 where cardAuthentication verifying information “A” such as artifact-metrics isstored; and a certifying chip 66 where the authentication verifyinginformation “A” is digitized to the digitized data Message “M”, turnedto ID-added data “I” by adding data such as the ID of the card, and “I”is encrypted to the encrypted data “Ci” and is stored; and both arenon-separably mounted on the card body. On the upper portion of thesurface of the card 65, a magnetic stripe 2 and an arrow mark 3 aredisposed. An IC chip may be used instead of the magnetic stripe 2 ortogether with it. The verifying chip 61 and the certifying chip 66 maybe arranged at separate positions respectively as shown in FIG. 25 orthese may be arranged adjacent to each other or may be united.

Referring to FIG. 26, descriptions below explain the functions of theverifying chip 61 and the certifying chip 66 on the card 65 shown inFIG. 25. In FIG. 26, the steps (1)-(6) show the flow when the card isprepared by a card issuer. The steps (7)-(11) show when a user uses thecard by means of a terminal device such as an ATM.

(1) A verifying chip 61 is prepared, in which card authenticationverifying information “A” being artifact-metrics or an embossed hologramis stored.

Because all artifact-metrics are different from each other, all of theverifying chips 61 having artifact-metrics are different from eachother. In particular, it is impossible to duplicate the artifact-metricswith three-dimensional arrangement, and it cannot be forged.

If the verifying chip as shown in FIG. 5 to FIG. 7 is prepared by usingthe data of 32 bits×32 bits=1024 bits (307 digits in decimal number) ormore with the number of bits according to the method shown in FIG. 11 toFIG. 20, the probability of the existence of the same verifying chipscan be very low and it is negligible. Because the embossed hologram hasa three-dimensional structure, it is impossible to make opticalduplication, and accordingly, it is very difficult to forge it.

(2) The information on the verifying chip 61 is read by analog ordigital means. In order to accurately perform the reading when the cardis used, it is desirable that the reading is performed after theverifying chip 61 is mounted on the card 65.

(3) The analog image of the verifying chip 61 thus read is digitized tothe digital data “M”. In a case where the data to be stored in theverifying chip 61 to be read is digital data, the digitization isunnecessary.

(4) The data such as the ID of the card is added to the digital data “M”and ID-added data “I” is obtained.

(5) The ID-added data “I” is encrypted and encrypted data “Ci” isobtained. For the cryptosystem, a secret-key cryptosystem or apublic-key cryptosystem can be used.

(6) The encrypted data “Ci” is stored in a certifying chip 66, which isnon-separably mounted on the card body 65. For the storage of theencrypted data, adequate means such as the optical reading and recordingmethod, the magnetic recording for barcode or two-dimensional barcode,etc. may be adopted.

In a case where the card 65 is an IC card with an IC chip mounted on it,it is also possible to store the encrypted data in the IC chip. It maybe integrated as a non-separable structure or a method such as weldingmay be adopted. Also, the encrypted data may be recorded on the carditself instead of mounting the chip on the card.

(7) When the card is used, the encrypted data “Ci” stored in thecertifying chip 66 is read.

(8) The encrypted data “Ci” is decrypted by using a predeterminedcryptography algorithm and the crypt key, and a decrypted data “I” isobtained.

(9) At the same time, information “A′” of the verifying chip 61 is read.As the reading means, camera is generally used, while a reading head ora scanner other than the camera may be used.

(10) The information “A′” of the verifying chip 61 thus read isdigitized and the digital data “M′” is obtained.

(11) The data such as the ID of the card is added to the digital data“M′”, and ID-added data “I′” is obtained.

(12) The decrypted data “I” is compared with the ID-added data “I′”. Ifthese are equal to each other, it is judged that the combination of theverifying chip 61 and the certifying chip 66 is legitimate. If these aredifferent from each other, it is judged that the combination of theverifying chip 61 and the certifying chip 66 is not legitimate, and thecard is judged as illegitimate.

In this way, the authenticity of the verifying chip 61 is certified bythe certifying chip 66 which is togetherwith present on the card.

The data recorded on the certifying chip 66 is the encrypted data whichis obtained by adding the ID to the data based on the data of theverifying chip 61 and is encrypted. In order to confirm the authenticityof the verifying chip 61, it is necessary to add the ID to the dataobtained from the certifying chip 66 prior to the comparison of thedata. By keeping this ID in secret, any one who does not know this IDcannot cryptanalyze to know the crypt key.

In this example, the information “A′” read from the verifying chip 61 isdigitized to the digital data “M′”, further added the card information,and thus obtained data “I′” is compared to the data “I” which isobtained by decrypting the encrypted data “Ci” read from the certifyingchip 66. It may be possible that the digital data “M” which is obtainedby removing the card information from the data “I” obtained bydecrypting the data “Ci” read from the certifying chip 66 is compared tothe digital data “M′” obtained by digitizing the information “A′” readfrom the verifying chip

The cryptosystem and the method to use and manage crypt keys used inthis embodiment are not different from the case of the Embodiment 1 ofthe certifying chip, and new description is not given here.

Embodiment 4 of the Certifying Chip

The card where both the verifying chip and the certifying chip arepresent is under the control of the user. In the verifying chip, theauthentication verifying information subject to the encryption ispresent not in secret. In the certifying chip, encrypted data of theauthentication verifying information is present. Then, if the card isgiven into the hand of any one who has malicious intention or if theuser has malicious intention, the encryption may be cryptanalyzed andthe crypt key may become known. Descriptions below explain arrangementsfor preventing such the situation.

FIG. 27 and FIG. 28 show an example of a card using the electronicwatermark. FIG. 27 illustrates the card. FIG. 28 shows the functions ofthe verifying chip and the certifying chip shown in FIG. 27.

On a card 67, there are provided the verifying chip 61 where cardAuthentication verifying information “A” such as artifact-metrics isstored; and the certifying chip 68 where the authentication verifyinginformation “A” is digitized to the digitized data Message “M”, turnedto data with electronic watermark “W” by adding the electronic watermarkto “M”, and is encrypted to encrypted data “Cw” and is stored; and bothare non-separably mounted on the card body. On the upper portion of thesurface of the card 67, a magnetic stripe 2 and an arrow mark 3 aredisposed. An IC chip may be used instead of the magnetic stripe 2 ortogether with it. The verifying chip 61 and the certifying chip 68 maybe arranged at separate positions respectively as shown in FIG. 27 orthese may be arranged adjacent to each other or united.

Referring to FIG. 28, descriptions below explain the functions of theverifying chip 61 and the certifying chip 68 on the card 67 shown inFIG. 27. In FIG. 28, the steps (1)-(6) show the flow when the card isprepared by a card issuer. The steps (7)-(11) show when a user uses thecard by means of a terminal device such as an ATM.

(1) A verifying chip 61 is prepared, in which card authenticationverifying information “A” being artifact-metrics or an embossed hologramis stored.

Because all artifact-metrics are different from each other, all of theverifying chips 61 having artifact-metrics are different from eachother. In particular, it is impossible to duplicate artifact-metricswith three-dimensional arrangement, and it cannot be forged. If theverifying chip as shown in FIG. 5 to FIG. 7 is prepared by using thedata of 32 bits×32 bits=1024 bits (307 digits in decimal number) or morewith the number of bits according to the method shown in FIG. 11 to FIG.20, the probability of the existence of the same verifying chips can bevery low and it is negligible. Because the embossed hologram has athree-dimensional structure, it is impossible to make opticalduplication, and accordingly, it is very difficult to forge it.

(2) The information on the verifying chip 61 is read by analog ordigital means. In order to accurately perform the reading when the cardis used, it is desirable that the reading is performed after theverifying chip 61 is mounted on the card 67.

(3) The analog image of the verifying chip 61 thus read is digitized tothe digital data “M”. In a case where the data to be stored in theverifying chip 61 to be read is digital data, the digitization isunnecessary.

(4) Electronic watermark is added to the digital data “M”, and dataadded the electronic watermark “W” is obtained.

(5) The electronic-watermark-added data “W” is encrypted and theencrypted data “Cw” is obtained.

(6) The encrypted data “Cw” is stored in a certifying chip 68, which isnon-separably mounted on the card body 55. For the storage of theencrypted data, adequate means such as the optical reading and recordingmethod, the magnetic recording, etc. for barcode or two-dimensionalbarcode, etc. may be adopted.

In a case where the card 67 is an IC card with an IC chip mounted on it,it is also possible to store the encrypted data in the IC chip. Forminga non-separable structure or a method such as welding may be adopted.Also, the encrypted data may be recorded on the card itself instead ofmounting the certifying chip on the card.

(7) When the card is used, the encrypted data “Cw” stored in thecertifying chip 68 is read.

(8) The encrypted data “Cw” is decrypted by using a predeterminedcryptography algorithm and a crypt key, and the decrypted data “W” isobtained.

(9) At the same time, information “A′” of the verifying chip 61 is read.As the reading means, camera is generally used, while a reading head ora scanner other than the camera may be used.

(10) The information “A′” of the verifying chip thus read is digitized,and the digital data “M′” is obtained.

(11) Electronic watermark is added to the digital data “M′”, and thedata with the electronic watermark “W′” is obtained.

The decrypted data “W” is compared with the hashed value “W′”. If theseare equal to each other, it is judged that the combination of theverifying chip 61 and the certifying chip 68 is legitimate. If these aredifferent from each other, it is judged that the combination of theverifying chip 61 and the certifying chip 68 is not legitimate.

In this way, the authenticity of the verifying chip 61 is certified bythe certifying chip 68 which is togetherwith present on the card.

The data recorded on the certifying chip 68 is the encrypted dataobtained by encrypting the data which is added the electronic watermarkto the data based on the information of the verifying chip 61. In orderto confirm the authenticity of the verifying chip 61, it is necessary toadd the electronic watermark to the data obtained from the verifyingchip 61 prior to the data comparison. By keeping this electronicwatermark in secret, any one who does not know this electronic watermarkcannot cryptanalyze to know the crypt key.

In this example, the information “A′” read from the verifying chip 61 isdigitized to the digital data “M′” and is added the electronicwatermark, and thus obtained data “W′” is compared to the data “W” whichis obtained by decrypting the encrypted data “Cw” read from thecertifying chip 68. It may be possible that the digital data “M” whichis obtained by removing card information from the data “W” obtained bydecrypting the data “Cw” read from the certifying chip 68 is compared tothe digital data “M′” obtained by digitizing the information “A′” readfrom the verifying chip 61.

The cryptosystem, the method to use and manage crypt keys used in thisembodiment are not different from the case of the Embodiment 1 of thecertifying chip, and new description is not given here.

Embodiment 5 of the Certifying Chip

In the examples of the certifying chip as described above, the basicarrangement is shown in the Embodiment 1, hash algorithm is addedthereto in the Embodiment 2, the ID of the card or the like is added inthe Embodiment 3, and the electronic watermark is added in theEmbodiment 4. As a result, it becomes difficult to forge. In thetechnique added with these features, it is also possible not only tosimply add only one of these features but also to combine several ofthem. That is, the hash algorithm may be combined with ID of the card orthe like, the hash algorithm may be combined with the electronicwatermark. ID of the card or the like may be combined with theelectronic watermark, or the hash algorithm and ID of the card or thelike may be combined with the electronic watermark.

Descriptions below explain the flow on the card authentication verifyingprocess.

Embodiment 1 of the Processing Flow

Referring to FIG. 29, the Embodiment 1 of the flow of cardauthentication verifying processing is described.

(1) A card user inserts a cash card into a card slot of a terminaldevice such as an ATM by setting the portion of the card marked with anarrow at the foremost position, the sensor at the card slot senses it,and the card is taken into the device.

(2) When the card is taken into the device, the terminal device readsthe card information from the magnetic recording portion of the card.

(3) The terminal device judges whether the inserted card is a valid cardwhich can be processed by the terminal device or not.

(4) If it is not confirmed that the card can be processed by the devicefrom the card information thus read, or if the information of the cardcannot be read because the card is broken or stained even though it is avalid card, the terminal device judges that it is an illegitimate cardwhich cannot be processed and discharges the card.

(5) The terminal device reads the authentication verifying data from theverifying chip by mechanical scanning using the movement of the cardwhen the card is taken into the device or under the stopped conditionafter the card is taken in.

(6) The terminal device judges whether the card authentication verifyingdata thus read is valid or not.

(7) In a case where the terminal device judges that the cardauthentication verifying data is not valid, it is judged that theinserted card is not a valid card. Then, the card is discharged from theterminal device, and the processing is terminated.

(8) In a case where the terminal device judges that the cardauthentication verifying data is valid, it instructs the user to performfurther input operations, for example, input of the amount to draw.

(9) The user follows the instruction and performs the input operationsuch as the inputting of the amount to be paid.

(10) The host computer judges whether the content of the input operationsuch as the amount to be paid is adequate or not.

(11) If the host computer judges that the content of the input operationis inadequate, for example, the balance short in the deposit, the cardis discharged from the device, and the processing is terminated.

(12) When the host computer judges that the content of the inputoperation such as the amount to be paid is adequate, the outputoperation such as paying of the amount is performed. Then, the card isdischarged from the terminal device and the processing is terminated.

Embodiment 2 of the Processing Flow

Referring to FIG. 30, Embodiment 2 of the flow of the cardauthentication verifying process is described.

In the flow of the card authentication verifying process, if the cardauthentication verifying data is not valid, the card is discharged fromthe terminal device in the Embodiment 1. In the Embodiment 2, if theauthentication verifying data is not valid, the card is taken into theterminal device, and an alarm is given. In so doing, it can be easy todig up the illegitimate card.

(1) When a card user inserts a cash card into a card slot of a terminaldevice such as an ATM by setting the portion of the card marked with anarrow at the foremost position, the sensor at the card slot senses it,and the card is taken into the device.

(2) When the card is taken into the device, the terminal device readsthe card information from the magnetic recording portion of the card.

(3) The terminal device judges whether the inserted card is a valid cardwhich can be processed by the terminal device or not.

(4) If it is not confirmed that the card can be processed by the devicefrom the card information thus read, or if the information of the cardcannot be read because the card is broken or stained even though it is avalid card, the terminal device judges that it is an illegitimate cardwhich cannot be processed and discharges the card.

(5) The terminal device reads the authentication verifying data from theverifying chip by mechanical scanning using the movement of the cardwhen the card is taken into the device or under the stopped conditionafter the card is taken in.

(6) The terminal device judges whether the card authentication verifyingdata thus read is valid or not.

(7) In a case where the terminal device judges that the cardauthentication verifying data is not valid, it is judged that theinserted card is not a valid card. Then, the card is held in the device,and the alarm is given.

It may be possible that the alarm is issued only at a place remote fromthe terminal device, and a message of operation failure is displayed onthe terminal device. This makes it easy to have the user of theillegitimate card under control.

(8) In a case where the terminal device judges that the cardauthentication verifying data is valid, it instructs the user to performfurther input operations, for example, input of the amount to draw.

(9) The user follows the instruction and performs the input operationsuch as the inputting of the amount to be paid.

(10) The host computer judges whether the content of the input operationsuch as the amount to be paid is adequate or not.

(11) If the host computer judges that the content of the input operationis inadequate, for example, the balance short in the deposit, the cardis discharged from the device, and the processing is terminated.

(12) When the host computer judges that the content of the inputoperation such as the amount to be paid is adequate, output operationsuch as paying of the amount is performed. Then, the card is dischargedfrom the terminal device and the processing is terminated.

Embodiment 3 of the Processing Flow

Referring to FIG. 31, Embodiment 3 of the flow of the cardauthentication verifying process is described.

In the flow of the card authentication verifying process, while if thecard authentication verifying data is not valid, the card is quicklytaken into the terminal device and an alarm is given in the Embodiment2, if the authentication verifying data is not valid, the process to usethe card continues in the Embodiment 3. In so doing, it can be easy todig up the use of the illegitimate card.

(1) A card user inserts a cash card into a card slot of a terminaldevice such as an ATM by setting the portion of the card marked with anarrow at the foremost position. Then, the sensor at the card slot sensesit, and the card is taken into the device.

(2) When the card is taken into the device, the terminal device readsthe card information from the magnetic recording portion of the card.

(3) The terminal device judges whether the inserted card is a valid cardwhich can be processed by the terminal device or not.

(4) If it is not confirmed that the card can be processed by the devicefrom the card information thus read, or if the information of the cardcannot be read because the card is broken or stained even though it is avalid card, the terminal device judges that it is an illegitimate cardwhich cannot be processed and discharges the card.

(5) The terminal device reads the authentication verifying data from theverifying chip by mechanical scanning using the movement of the cardwhen the card is taken into the device or under the stopped conditionafter the card is taken in.

(6) The terminal device judges whether the card authentication verifyingdata thus read is valid or not.

(7) In a case where the terminal device judges that the cardauthentication verifying data is not valid, it instructs the user toperform further input operations, for example, input of the amount todraw.

(8) The user follows the instruction and performs the input operationsuch as the inputting of the amount to be paid.

(9) Then, the card is held in the terminal device, and an alarm isgiven.

It may be arranged that the alarm is issued only at a place remote fromthe terminal device, and a message of operation failure is displayed onthe terminal device. This makes it easy to have the user of theillegitimate card under control.

(10) In a case where the terminal device judges that card authenticationverifying data is valid, it instructs the user to perform further inputoperations such as the input of the amount to draw.

(11) The user follows the instruction and performs the input operationsuch as the input of the amount to be paid.

(12) The host computer judges whether the content of the input operationsuch as the amount to be paid is adequate or not.

(14) If the host computer judges that the content of the input operationis inadequate, for example, the balance short in the deposit, the cardis discharged from the device, and the processing is terminated.

With the arrangement as described above, the time, during which the userwho uses the illegitimate card uses the terminal device, can beextended. This means not only that gives longer time for capturing thecard user, but also that makes it possible to obtain further evidencesuch as the user's fingerprints from the input operation.

If a contact-type touch switch is adopted, this makes the taking offingerprints much easier.

INDUSTRIAL APPLICABILITY

The card with the card authentication verifying chip and the cardauthentication certifying chip as described above can be adopted in theapplications such as bank cash cards, credit cards, prepaid cards,membership cards, securities, ID cards, admission allowance and othertypes of certificate.

1. An object for authentication verification, for which authenticationverification is needed, wherein an authentication verifying chipprovided with specific and non-duplicable information for identifyingsaid object and with a mark for reading position alignment isnon-separably added to said object.
 2. An object for authenticationverification according to claim 1, wherein said specific andnon-duplicable information for identifying said object is anartifact-metrics pattern.
 3. An object for authentication verificationaccording to claim 1, wherein said artifact-metrics pattern comprises anembossed hologram. 4-32. (canceled)
 33. An object for authenticationverification according to claim 1, wherein said artifact-metrics patterncomprises radioactive substance granules.
 34. An object forauthentication verification according to claim 1, wherein saidartifact-metrics pattern comprises fluorescent substance particles. 35.An object for authentication verification according to claim 1, whereinsaid specific and non-duplicable information for identifying said objectis an artificial pattern.
 36. An object for authentication verificationaccording to claim 1, wherein said artificial pattern comprises anembossed hologram.
 37. An object for authentication verificationaccording to claim 1, wherein said artificial pattern comprisesradioactive substance granules.
 38. An object for authenticationverification according to claim 1, wherein said artificial patterncomprises fluorescent substance particles.
 39. An object forauthentication verification according to claim 35, wherein saidartificial pattern is digital data arranged in a matrix form and saiddigital data is based on binary random numbers.
 40. An object forauthentication verification according to claim 39, wherein saidartificial pattern is a part of digital data arranged in a larger matrixform.
 41. An object for authentication verification according to claim1, wherein said mark for reading position alignment provided is one. 42.An object for authentication verification according to claim 1, whereina plurality of said marks for reading position alignment are provided.43. An object for authentication verification according to claim 1,wherein a line to start the reading, a line to finish the reading and aline to indicate the end portion are provided.
 44. An object forauthentication verification according to claim 41, 42 or 43, wherein amark for synchronization signal is further provided.
 45. An object forauthentication verification, for which authentication verification isneeded, wherein an authentication verifying chip provided with specificand non-duplicable information for identifying said object and with amark for reading position alignment, and information for certifying theauthenticity of said verifying chip are added non-separably to saidobject.
 46. An object for authentication verification according to claim45, wherein said authentication verifying chip provided with saidspecific and non-duplicable information for identifying said object andwith the mark for reading position alignment, and said information forcertifying the authenticity of said verifying chip are added atdifferent positions.
 47. An object for authentication verificationaccording to claim 45, wherein said authentication verifying chipprovided with said specific and non-duplicable information foridentifying said object and with the mark for reading positionalignment, and said information for certifying the authenticity of saidverifying chip are added at the same position.
 48. An object forauthentication verification according to claim 45, 46 or 47, whereinsaid specific and non-duplicable information for identifying said objectis an artifact-metrics pattern.
 49. An object for authenticationverification according to claim 48, wherein said artifact-metricspattern comprises an embossed hologram.
 50. An object for authenticationverification according to claim 48, wherein said artifact-metricspattern comprises radioactive substance granules.
 51. An object forauthentication verification according to claim 48, wherein saidartifact-metrics pattern comprises fluorescent substance particles. 52.An object for authentication verification according to claim 45, whereinsaid specific and non-duplicable information for identifying said objectis an artificial pattern.
 53. An object for authentication verificationaccording to claim 52, wherein said artificial pattern comprises anembossed hologram.
 54. An object for authentication verificationaccording to claim 52, wherein said artificial pattern comprisesradioactive substance granules.
 55. An object for authenticationverification according to claim 52, wherein said artificial patterncomprises fluorescent substance particles.
 56. An object forauthentication verification according to claim 52, wherein saidartificial pattern is digital data arranged in a matrix form and saiddigital data is based on binary random numbers.
 57. An object forauthentication verification according to claim 52, wherein saidartificial pattern is a part of digital data arranged in a larger matrixform.
 58. An object for authentication verification according to claim45, wherein said mark for reading position alignment provided is one.59. An object for authentication verification according to claim 1,wherein a plurality of said marks for reading position alignment areprovided.
 60. An object for authentication verification according toclaim 45, wherein a line to start the reading, a line to finish thereading and a line to indicate the end portion are provided.
 61. Anobject for authentication verification according to claim 58, 59 or 60,wherein a mark for synchronization signal is further provided.
 62. Anobject for authentication verification according to claim 45, whereinsaid information for certifying the authenticity of said verifying chipis encrypted data obtained in accordance with said specific andnon-duplicable information for identifying said object.
 63. An objectfor authentication verification according to claim 45, wherein saidencrypted data is encrypted data obtained by encrypting said specificand non-duplicable information for identifying said object.
 64. Anobject for authentication verification according to claim 45, whereinsaid encrypted data is encrypted data obtained by encrypting hash valueof said specific and non-duplicable information for identifying saidobject.
 65. An object for authentication verification according to claim45, wherein said encrypted data is encrypted data obtained by encryptingthe information consisting of said specific and non-duplicableinformation for identifying said object and identification informationof said object.
 66. An object for authentication verification accordingto claim 45, wherein said encrypted data is encrypted data obtained byencrypting the information consisting of said specific andnon-duplicable information for identifying said object and an electronicwatermark.
 67. An object for authentication verification according toclaim 62, 63, 64, 65 or 66, wherein said encrypted data is encrypted byusing a common-key of a common-key cryptosystem under the control of anissuer of said object.
 68. An object for authentication verificationaccording to claim 62, 63, 64, 65 or 66, wherein said encrypted data isencrypted by using a public-key of a public-key cryptosystem under thecontrol of an issuer of said object.
 69. An object for authenticationverification according to claim 62, 63, 64, 65 or 66, wherein saidencrypted data is encrypted by using a secret-key of a public-keycryptosystem under the control of an issuer of said object.
 70. Anauthentication verifying system for verifying authenticity of an object,wherein an authentication verifying chip provided with specific andnon-duplicable information for identifying said object and with a markfor reading position alignment, and a chip for certifying theauthenticity of said object are added non-separably to said object,whereby said object is judged the authenticity by comparing saidauthentication verifying chip with said certifying chip.
 71. Anauthentication verifying system according to claim 70, wherein saidspecific and non-duplicable information for identifying said object isan artifact-metrics pattern.
 72. An authentication verifying systemaccording to claim 70, wherein said specific and non-duplicableinformation for identifying said object is an artificial pattern.
 73. Anauthentication verifying system according to claim 70, wherein saidinformation for certifying the authenticity of said authenticationverifying chip is encrypted data obtained according to said specific andnon-duplicable information for identifying said object.
 74. Anauthentication verifying system according to claim 73, wherein saidencrypted data is an encrypted data obtained by encrypting said specificand non-duplicable information for identifying said object.
 75. Anauthentication verifying system according to claim 73, wherein saidencrypted data is encrypted data obtained by encrypting hash value ofsaid specific and non-duplicable information for identifying saidobject.
 76. An authentication verifying system according to claim 73,wherein said encrypted data is encrypted data obtained by encrypting theinformation consisting of said specific and non-duplicable informationfor identifying said object and identification information for saidobject.
 77. An authentication verifying system according to claim 73,wherein said encrypted data is encrypted data obtained by encrypting theinformation consisting of said specific and non-duplicable informationfor identifying said object and an electronic watermark.
 78. Anauthentication verifying system according to claim 73, 74, 75, 76 or 77,wherein said encrypted data is encrypted by using a common-key of acommon-key cryptosystem under the control of an issuer of said object.79. An authentication verifying system according to claim 73, 74, 75, 76or 77, wherein said encrypted data is encrypted by using a public-key ina public-key cryptosystem under the control of an issuer of said object.80. An authentication verifying system according to claim 73, 74, 75, 76or 77, wherein said encrypted data is encrypted by using a secret-key ofa public-key cryptosystem under the control of an issuer of said object.